Digital Evidence Gathering

We have expertise in collecting Evidence

The need for expertise in digital evidence collection is being driven by the rapidly changing computing environment:

Evidence handling is clearly one of the most important aspects of the expanding field of computer forensics. The never-ending innovation in technology keeps best practices in constant flux in an effort to meet industry needs. One of the more recent shifts in evidence handling has been the move away from simply “pulling the plug” as the first step in evidence collection to the adoption of methodologies that acquire evidence “live” from a suspect computer.

We have expertise in collecting Evidence from

Analyzing network traffic.

CPU, cache and register content

Routing table, ARP cache, process table, kernel statistics

Memory

Temporary file system / swap space

Data on hard disk

Remotely logged data

Data contained on archival media

Decrypting files.

Recovering erased or changed data.

Scientific analysis of transmission logs and firewall filters.

Applications are installed from removable media such as a USB stick and are then virtualized in RAM without a trace on the hard disk.

Rootkits hide within processes, undetected by the underlying operating system and by local tools (binaries); memory must therefore be analyzed with trusted binaries.

Malware is fully RAM resident, with no trace of its existence on the hard disk.

Users regularly utilize covert or hidden encrypted files or partitions, areas of the hard drive used to hide evidence.

Popular web browsers offer the user the ability to cover their tracks: log files of user activity are created but deleted when the browser is closed.

Web 2.0 continues to change the landscape, with web-based email, blogs, wikis and Twitter extending the storage of user actions and communications beyond the traditional hard disk found on the user’s machine.
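The evidence sources listed above (routing table and ARP cache, process table and kernel statistics, memory, then disk) are ordered from most to least volatile, and the point about rootkits means the tools used to capture them must not be the suspect host's own binaries. The following Python script is an added example, not material from the original page or from the firm it describes: it runs a live-response collection in that volatility order, pins every command to a trusted tool directory instead of the host's PATH, records a SHA-256 hash, size and UTC timestamp for each artifact in a manifest, and keeps going when a tool is missing so the less volatile steps are still captured. The directory `/mnt/ir_tools/bin`, the command list and the `.raw` file naming are assumptions for an illustrative Linux host; `collect` and `verify` take injectable `run`/`read` callables so the logic can be exercised without touching a real system.

```python
"""Ordered volatile-data collector with a hashed chain-of-custody manifest.

Added example, not the original page's material. TRUSTED_BIN and the
command list are assumptions for an illustrative Linux host.
"""
import hashlib
import json
import os
import subprocess
from datetime import datetime, timezone

# ASSUMPTION: statically linked, known-good copies of the tools are mounted
# read-only here; argv[0] is resolved against this directory, never PATH.
TRUSTED_BIN = "/mnt/ir_tools/bin"

# Most volatile first, mirroring the evidence sources listed on the page.
# The exact commands are assumptions for an illustrative Linux host.
VOLATILITY_ORDER = [
    ("routing_table", ["ip", "route", "show"]),
    ("arp_cache", ["ip", "neigh", "show"]),
    ("process_table", ["ps", "-eo", "pid,ppid,user,lstart,cmd"]),
    ("network_sockets", ["ss", "-tunap"]),
    ("kernel_stats", ["cat", "/proc/meminfo"]),
    ("mounts", ["cat", "/proc/mounts"]),
]


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an artifact, used for the manifest and for re-verification."""
    return hashlib.sha256(data).hexdigest()


def trusted_argv(argv, bin_dir=TRUSTED_BIN):
    """Pin argv[0] to the trusted tool directory so a tampered PATH or a
    rootkit-replaced system binary is never what produces the evidence."""
    return [os.path.join(bin_dir, os.path.basename(argv[0]))] + list(argv[1:])


def run_command(argv):
    """Execute one pinned command and return its raw stdout bytes."""
    proc = subprocess.run(argv, capture_output=True, timeout=60)
    return proc.stdout


def collect(steps, run=run_command, bin_dir=TRUSTED_BIN, out_dir=None):
    """Run each step in the order given, hash what it returned, and build one
    manifest entry per step. A missing or failing tool is recorded in the
    entry rather than allowed to abort the remaining (less volatile) steps."""
    manifest = []
    for name, argv in steps:
        pinned = trusted_argv(argv, bin_dir)
        started = datetime.now(timezone.utc).isoformat()
        try:
            data = run(pinned)
            error = None
        except (OSError, subprocess.SubprocessError) as exc:
            data, error = b"", f"{type(exc).__name__}: {exc}"
        if out_dir is not None:
            with open(os.path.join(out_dir, name + ".raw"), "wb") as fh:
                fh.write(data)
        manifest.append({
            "name": name,
            "command": pinned,
            "started_utc": started,
            "bytes": len(data),
            "sha256": sha256_hex(data),
            "error": error,
        })
    return manifest


def verify(manifest, read):
    """Re-hash every stored artifact via read(name) -> bytes and return the
    names whose content no longer matches what was recorded at collection."""
    return [e["name"] for e in manifest
            if sha256_hex(read(e["name"])) != e["sha256"]]


if __name__ == "__main__":
    # Stand-alone use: collect into a timestamped directory and write the manifest.
    out = "live_response_" + datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    os.makedirs(out)
    result = collect(VOLATILITY_ORDER, out_dir=out)
    with open(os.path.join(out, "manifest.json"), "w") as fh:
        json.dump(result, fh, indent=2)
    print(json.dumps(result, indent=2))
```

Run it from examiner media as root on the suspect host; the manifest it writes is what later lets anyone re-hash the `.raw` files with `verify` and show that the captured volatile state was not altered after acquisition.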
